As we entered the ground rush zone for the GDPR, a number of organisations issued numbered guidance documents in preparation. I joined in and published a blog article on my LinkedIn blog called “Beyond Adequate Protection”. This had my five-point list of tasks to be GDPR compliant. I summarise them here:
- Know and document your personal data catalogue and its lawful purpose
- Create an identity solution for your data subjects, so subject access requests can be fulfilled
- Build a record keeping solution
- Ensure that your incident management solutions are compliant
- Implement changes to the software development life cycle (SDLC) to include privacy impact assessments
The original article deals with these in a bit more detail, but I finish by saying that it’s only this easy if your organisation already meets the need to provide adequate technical and organisational protection.
Five steps to Compliance